Last Friday (April 26), ESET and Sucuri simultaneously blogged about the discovery of Linux/CDorked, a backdoor impacting Apache servers running cPanel. Since that announcement, there has been some confusion surrounding the exact nature of these attacks. Rather than reinvent the analysis that has already been done, this blog post is intended to clear up some of the confusion.
When did Linux/CDorked first appear?
According to Cisco TRAC analysis, the first encounter was on March 4, 2013.
How is Linux/CDorked related to DarkLeech?
The appearance of Linux/CDorked coincided with a drop in the number of DarkLeech infections, an indication the attacker(s) may be one and the same.
Unlike DarkLeech, the Linux/CDorked infections appear to target only Apache servers with cPanel installed. DarkLeech, by contrast, was found on servers running a variety of control panels (or none).
See how simple Unified Access can be!
Cisco Unified Access delivers a unique solution for enterprises facing a BYOD world: one policy, one management, and one network for wired, wireless, and virtual private networks. It helps businesses deliver new connected experiences, as opposed to getting bogged down by operational complexity. Skeptical? Click on the image to the right to try a brief, modular demo that illustrates just how simple Unified Access can be.
The demo shows the value and ease-of-use of the Cisco Unified Access solution through common enterprise use cases. The demo also highlights the increased visibility, control, flexibility and security enabled by the Cisco Unified Access architecture.
A core part of Cisco’s Internet of Everything narrative is the Internet of Things—what we view as the latest wave of the Internet, connecting physical objects in ways that help us analyze and control our environment to provide better safety, comfort, and efficiency.
This is not a new concept—RFID was introduced in the late 1960s—but it has reached a tipping point for IP connectivity, driven by advances in sensor technology, IPv6, and electronics miniaturization.
Amid this move toward IP, Cisco is continuing its long-standing participation in OASIS (Organization for the Advancement of Structured Information Standards) by participating in the effort to produce an MQTT standard.
By Steve Simlo, IPv6 Product Manager, Cisco Network Operating Systems Technology Group
As IPv6 gains more and more ground within the Internet, we are starting to see recognition amongst the wider community that technologies such as Carrier Grade NAT (CGNAT) have some significant drawbacks from a service and scalability standpoint. Some of the issues were recently highlighted by a major carrier, which actually issued a public “opt out” option to its customers if needed.
However, there are some applications such as online gaming, VPN access, FTP service, surveillance cameras, etc., that may not work when broadband service is provided via a CGN. For our customers utilizing these types of applications, we provide the ability to “opt out” of CGN
The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts. The first part, intended for end-users, will explain in detail how to build and use the tool. The second part, intended for C programmers, covers cppip’s inner workings.
Cppip is a command-line utility designed to make packet extraction from large pcap files extremely fast — without having to uncompress the entire file. It relies on pcap files that have been compressed using the freely available bgzip, a backward-compatible gzip utility that boasts a special additive — the ability to quickly and cheaply uncompress specific regions of the file on the fly. You will find cppip quite useful if you work with large pcap files and need to extract one or more packets for subsequent inspection. As you’ll see, preparing your pcap files for use with cppip is a two-step process of compressing the pcap file with bgzip and then indexing it with cppip. But before you can use cppip, you first have to install it.